tetragon: Change enforcer programs pin path
We have the hierarchy in sysfs tree, so we don't need the 'enforcer'
prefix for kprobe program.

Also adding 'fmod_ret_' prefix for fmod_ret programs, like:

./kill-syscalls
./kill-syscalls/__enforcer__
./kill-syscalls/__enforcer__/fmod_ret___ia32_sys_dup
./kill-syscalls/__enforcer__/fmod_ret___ia32_sys_dup/prog
./kill-syscalls/__enforcer__/fmod_ret___x64_sys_dup2
./kill-syscalls/__enforcer__/fmod_ret___x64_sys_dup2/prog
./kill-syscalls/__enforcer__/fmod_ret___x64_sys_dup
./kill-syscalls/__enforcer__/fmod_ret___x64_sys_dup/prog

Signed-off-by: Jiri Olsa <[email protected]>
olsajiri committed Sep 14, 2024
1 parent f3087bc commit 79f43bb
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions pkg/sensors/tracing/enforcer.go
Expand Up @@ -276,7 +276,6 @@ func (kp *enforcerPolicy) createEnforcerSensor(
return nil, err
}

pinPath := sensors.PathJoin(name, "enforcer_kprobe")
switch overrideMethod {
case OverrideMethodReturn:
useMulti := !specOpts.DisableKprobeMulti && !option.Config.DisableKprobeMulti && bpf.HasKprobeMulti()
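Review bot: Dropping `pinPath := sensors.PathJoin(name, "enforcer_kprobe")` moves the pin location of the enforcer programs, and nothing in this diff touches tests, docs or tooling that may still expect the old `<name>/enforcer_kprobe` path. Please confirm nothing reads that path any more, and add a one-line comment here stating that the policy and sensor directories now come from the sysfs hierarchy, since `name` no longer contributes to the pin name in the visible hunks.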
Expand All @@ -292,7 +291,7 @@ func (kp *enforcerPolicy) createEnforcerSensor(
path.Join(option.Config.HubbleLib, prog),
attach,
label,
pinPath,
"kprobe",
"enforcer").
SetLoaderData(policyName)
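Review bot: The pin name passed after `label` is the bare literal "kprobe" for whatever `prog` and `attach` were selected, while the fmod_ret branch encodes the symbol in its pin name. If this branch can load more than one program under the same sensor directory, the fixed name would make the pins collide; if it cannot, a short comment saying so would help, and a named constant would be preferable to the inline string.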

Expand All @@ -305,7 +304,7 @@ func (kp *enforcerPolicy) createEnforcerSensor(
path.Join(option.Config.HubbleLib, "bpf_fmodret_enforcer.o"),
syscallSym,
"fmod_ret/security_task_prctl",
pinPath,
fmt.Sprintf("fmod_ret_%s", syscallSym),
"enforcer").
SetLoaderData(policyName)
progs = append(progs, load)
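Review bot: `fmt.Sprintf("fmod_ret_%s", syscallSym)` places `syscallSym` into the pin path unchanged, which gives names such as `fmod_ret___x64_sys_dup` in the commit message listing. A comment documenting that layout would help anyone who inspects or scripts against the pin tree, and plain concatenation (`"fmod_ret_" + syscallSym`) expresses the same thing without a format call.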